[squid-users] RE: Squid: NCSA Password Authentication from Peter Kassies on 2001-06-06 (squid-users)

From: Peter Kassies <p.kassies@dont-contact.us>
Date: Wed, 6 Jun 2001 16:54:48 +0200

Laurence,

I had to find this by experience myself:
- Make sure you compile the NCSA module: it will show itself in
/usr/local/squid/bin as ncsa_auth

- then reconfigure squid.conf, look at the following line:
authenticate_program /usr/local/squid/bin/ncsa_auth
/usr/local/squid/etc/passwd

- now create a passwd file in /usr/local/squid/etc. You might want to change
the link to /etc/passwd, but this is a serious security leak, since all
users gain access to your proxyserver as wel. Therefore better to generate a
separeate passwd file.

An account in passwd should look like:
account:TgbmBqG/2Nh6.
xxxxx:ZweUcfy6Ut/32
check:CVMvFl44b7HDQ

So first the username then a : and the passwd in des encryption.

I use the htaccess script from apache to create these entries:
./htpasswd -b /usr/local/squid/etc/passwd <username> <password>

Finally you need to modify squid.conf to activate useraccess. Example:

acl all src 0.0.0.0/0
acl users proxy_auth REQUIRED
acl allowedsites dstdomain www.ptt-post.nl

acl ban url_regex sex

http_access deny ban
http_access allow allowedsites
http_access allow users
http_access deny all

So these lines do: ban all sites with sex in the url, allow you to the
special sites without passwords (these are sites considered appropriate by
management), if not a special site: it asks for your passwd, if no password
is given: access is denied.

Works for me.

Peter

> -----Oorspronkelijk bericht-----
> Van: laurence@gazelle.net [mailto:laurence@gazelle.net]
> Verzonden: Wednesday, June 06, 2001 4:16 PM
> Aan: p.kassies@ptt-post.nl
> Onderwerp: Squid: NCSA Password Authentication
>
>
> Hi there! Sorry about the intrusion, i've been trying to send this to the
> squid-users list, but i keep getting errors from the server(!?). Anyway, i
> noticed you use NCSA on your Squid installation; i've compiled NCSA into
> Squid, but i can't find any Manuals or FAQ's on how to use it! Maybe i'm
> missing something VERY obvious here, maybe not, but could you
> tell me where
> i could find these?
> Many Thanks,
> Laurence J Praties
> Systems Administrator
> Gazelle Informatics Ltd
> tel: 0871 871 0222
> fax:0871 871 0223
>
Received on Wed Jun 06 2001 - 08:54:58 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:31 MST